This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tobias_C
Participant
‎2022-01-05 01:08 AM
Jump to solution

Blink PnP

Can anyone please give me a hint on why Blink PnP isn't working for me.

I have a brand new 6200 appliance. Pre-installed is R81 and FTW isn't run.
I've put "blink_image_1.1_Check_Point_R80.40_T294_JHF_T139_SecurityGateway.tgz" on a blank USB flash drive, formated as NTFS (also tried exFAT)

I've booted up the appliance, I've set an expert password. That's all.
I then insert the USB with the blink-image and all that happens is this line in /var/log/blink_PlugAndPlay.log

[ Wed Jan 5 10:33:47 EST 2022 ] Detecting new usb...

So.. I've figured out that inserting a USB flash drive triggers the script /usr/bin/BlinkPlugAndPlay.sh. Unfortunately the script bails out as it tries to identify the USB flash drive so the USB flash drive never gets mounted.

It never gets past this part of the script:

sleep 5
dmesg > $BLINK_USB_DETECTION
DRIVEIS=`tail $BLINK_USB_DETECTION -n 100 | grep "assuming" | tail -n 1 | cut -f1 -d":"`
if [[ "X$DRIVEIS" == "X" ]]; then
   exit 1
fi

I understand the script looks for the string "assuming" in dmesg output. The problem is that there is no string "assuming" in dmesg output!

I've tried with like eight or nine different USB flash drives from five different vendors without luck.
With some USB flash drives there is a message about "Assuming drive cache: write through" but that doesn't match as the word "Assuming" is with a capital "A". However... I don't think it's supposed to match on that string because if it does, the next part of the script fails to correctly find the drive identifyer (like sdb).

This is the next part:
DRIVE_REAL=`tail $BLINK_USB_DETECTION -n 100 | grep "$DRIVEIS:" | tail -n 1 | cut -f2 -d":" | tr -d " "`
if [[ "X$DRIVE_REAL" == "X" ]]; then
   exit 1
fi

 

Anyone?

0 Kudos
1 Solution

Accepted Solutions
Gregory_Azratz
Employee
Employee
‎2022-01-05 07:11 AM
Jump to solution

Hi @Tobias_C ,

Indeed when we first launched Blink, we have created a simple way of launching the blink installation directly from a USB stick (without the need to do any additional operation).

Unfortunately starting R80.30 with the update of the kernel version, this capability stopped working.

We are working on bringing it back with the next major release.

Thanks,

Gregory

View solution in original post

13 Replies
G_W_Albrecht
Legend Legend
Legend
‎2022-01-05 03:30 AM
Jump to solution

Blink install is usually performed in WebGUI CPUSE. Did you read sk120193: Blink - Gaia Fast Deployment ? The USB autoinstall you write of i never have heard about - this has worked for you already on other appliance models ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Tobias_C
Participant
‎2022-01-05 04:02 AM
In response to G_W_Albrecht
Jump to solution

Well... an earlier co-worker used it a couple of years ago installing a bunch of 5100's.
I know the documentation around blink pnp is more or less non-existent but it is briefly mentioned in a TechTalk about CDT and Blink. https://community.checkpoint.com/t5/Security-Gateways/TechTalk-CDT-and-Blink-Video-and-Slides/m-p/35...

There's also a couple of other post that touches the subject, for example https://community.checkpoint.com/t5/Security-Gateways/Blink-directly-from-USB/m-p/121231

 

 

Gregory_Azratz
Employee
Employee
‎2022-01-05 07:11 AM
Jump to solution

Hi @Tobias_C ,

Indeed when we first launched Blink, we have created a simple way of launching the blink installation directly from a USB stick (without the need to do any additional operation).

Unfortunately starting R80.30 with the update of the kernel version, this capability stopped working.

We are working on bringing it back with the next major release.

Thanks,

Gregory

Tobias_C
Participant
‎2022-01-05 07:54 AM
In response to Gregory_Azratz
Jump to solution

Ahh... that explains!

Thanks!

0 Kudos
sliramp
Explorer
‎2022-01-15 05:54 AM
In response to Gregory_Azratz
Jump to solution

Hello @Gregory_Azratz 

When you say the next major release, does this mean R81, R81.10 or something else???

Regards

0 Kudos
PhoneBoy
Admin
Admin
‎2022-01-15 01:53 PM
In response to sliramp
Jump to solution

The next release is R81.20.
He could be referring to a later release also.

0 Kudos
Gregory_Azratz
Employee
Employee
‎2022-01-16 04:45 AM
In response to sliramp
Jump to solution

sorry for the confusion - we are working on bringing it back in R81.20

0 Kudos
sliramp
Explorer
‎2022-01-17 05:36 AM
In response to Gregory_Azratz
Jump to solution

That's a bummer. I was really looking forward to using this method to install 50 gateways without going through the hassle of doing 50 first time wizards and 50 CPUSE upgrades. Is there another method that could help speed this process up ?

0 Kudos
Gregory_Azratz
Employee
Employee
‎2022-01-18 08:49 AM
In response to sliramp
Jump to solution

Hi @sliramp ,
agreed, but don't worry 🙂
we have many other ways to achieve your goal of installing 50 machine without the hassle of 50 FTW and 50 CPUSE upgrades.

I suggest that we have session in order to understand your needs and limitations, and  provide possible solutions

what do you think?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-01-19 03:15 AM
In response to sliramp
Jump to solution

Did you have a look into sk65205: How to install SecurePlatform / Gaia from a USB device on Check Point appliance and Open Se... yet?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
David_Brodin
Contributor
‎2022-05-05 01:00 AM
Jump to solution

Sorry for reviving an old thread, but I had the same issue in an earlier thread.

 

I actually got blink-install from USB to work and have used it to install r80.40 with take 120 on 34 different 5800 appliances.

The trick is to format the USB as FAT32. Blink will not mount anything else and therefore ground to a halt.

Hopefully R81.* blink supports exFAT or NTFS, I currently don't have any R81.* to check.

 

Do note that the blink image with the take after T120 is too large for FAT32. The same goes for R81.10 when I look at its size now.

 

A side note, from my thread. I did create my script to produce batches of blink-images so that all I had to do was to move the USB-drive to a new appliance in the order I wanted/created. Configured clish in the most basic way, IP on mgmt-interface so I then could access to boxes remotely and finish configuring. It's pretty neat and opens to use several USB-sticks at the same time if you keep track of the order or even completely configure the gate 🙂

Not sure why I haven't added it to my github to share, but will if it's interesting.

0 Kudos
Dov_Fraivert
Employee
Employee
‎2022-05-15 07:48 AM
In response to David_Brodin
Jump to solution

Hi @David_Brodin 
There were some issues with Blink PnP from R80.40 to R81.10.
From the following base version (R81.20) it should work.
For an Blink images smaller than 4GB, you need to format to FAT32
For an Blink images larger than 4GB, you need to format to NTFS.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top